Lana Codes

Title	CVE ID	CVSS	Vector	Date
Nested Pages <= 3.2.3 - Missing Authorization to Authenticated (Editor+) Plugin Settings Reset	CVE-2023-2434	3.8	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L	May 30, 2023
WPC Smart Wishlist for WooCommerce <= 4.6.7 - Cross-Site Request Forgery via wishlist_add and wishlist_remove	CVE-2023-34386	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	June 3, 2023
Kebo Twitter Feed <= 1.5.12 - Cross-Site Request Forgery via kebo_twitter_menu_render	CVE-2023-34384	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	June 3, 2023
WP Hide Post <= 2.0.10 - Cross-Site Request Forgery via save_bulk_edit_data	CVE-2023-34378	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	June 3, 2023
Constant Contact Forms <= 1.14.0 - Missing Authorization via constant_contact_optin_ajax_handler	CVE-2023-34387	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	June 3, 2023
Social Media & Share Icons <= 2.8.1 - Missing Authorization via handle_installation	CVE-2023-34009	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	June 2, 2023
Download Plugin <= 2.0.4 - Cross-Site Request Forgery	CVE-2022-36345	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	May 24, 2023
Groundhogg <= 2.7.9.8 - Missing Authorization to Admin Account and Ticket Creation	CVE-2023-2715	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	May 19, 2023
Groundhogg <= 2.7.9.8 - Missing Authorization to Update License	CVE-2023-2714	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	May 19, 2023
WP Reactions Lite <= 1.3.8 - Cross-Site Request Forgery via AJAX action	CVE-2023-32587	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	May 12, 2023
Forget About Shortcode Buttons <= 2.1.2 - Missing Authorization via fasc_buttons	CVE-2023-32579	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	May 11, 2023
Soundcloud Is Gold <= 2.5.1 - Missing Authorization to Soundcloud User Add	CVE-2023-32586	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	May 11, 2023
WP Job Portal <= 2.0.0 - Cross-Site Request Forgery to Settings Modification		4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	May 5, 2023
Newsletter Popup <= 1.2 - Cross-Site Request Forgery to Record Deletion	CVE-2023-0766	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	May 2, 2023
WooCommerce Multivendor Marketplace – REST API <= 1.5.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Order/Order Note Disclosure, Order Note Addition via REST API	CVE-2023-2275	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L	April 26, 2023
GDPR Compliance & Cookie Consent <= 1.2 - Cross-Site Request Forgery	CVE-2022-45815	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 19, 2023
Pearl <= 1.3.4 - Cross-Site Request Forgery via stm_hb_save_settings	CVE-2022-38356	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 19, 2023
Zendesk Support for WordPress <= 1.8.4 - Cross-Site Request Forgery	CVE-2023-23716	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 18, 2023
BadgeOS <= 3.7.1.6 - Cross-Site Request Forgery	CVE-2022-41987	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 18, 2023
WP Docs <= 1.9.8 - Cross-Site Request Forgery to folder management	CVE-2023-30873	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 18, 2023

Share this researcher's vulnerability discoveries

All the threat data shared in this database is powered by Wordfence Intelligence Enterprise.
Interested in integrating this data into your platform or network?
Contact us now to discuss API access to our Wordfence Intelligence Enterprise Data Feeds.

Inquire Now

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation